Rudder

During an installation, Rudder server has sent its inventory to endpoint but the LDAP access was denied to rudder-webapp:

[...]
[2014-07-07 14:25:11] INFO  com.normation.inventory.provisioning.endpoint.FusionReportEndpoint - Report 'server-2014-07-07-14-25-06.ocs' parsed in 1 second and 805 milliseconds, sending to save engine.

[2014-07-07 14:25:11] ERROR com.normation.ldap.sdk.ROPooledSimpleAuthConnectionProvider - Can't get a new LDAP connection
com.unboundid.ldap.sdk.LDAPException: invalid credentials
[...]

Then, no inventory has been received by rudder-webapp. The result is that the server itself has no role leading to wrong generated promises.

The promises applied was not able to configure correctly rsyslog configuration (cfengine variable not expanded [p.psql_password²] ). Furthermore, applying MetaTechniques during thisstate will broke CFEngine promises:

$ /var/rudder/cfengine-community/bin/cf-agent -KI
2014-07-07T15:00:47+0000    error: Bundle 'Add_best_editor' listed in the bundlesequence is not a defined bundle
2014-07-07T15:00:47+0000    error: Fatal CFEngine error: Errors in promise bundles: could not verify bundlesequence
2014-07-07T15:00:47+0000    error: Policy failed validation with command '"/var/rudder/cfengine-community/bin/cf-promises" -c "/var/rudder/cfengine-community/inputs/promises.cf"'

The workaround is:
- Resend server inventory to endpoint:

/var/rudder/cfengine-community/bin/^C-agent -KID force_inventory

or

cp /var/rudder/inventories/received/server*ocs /var/rudder/inventories/incoming/

- Apply a "clear cache": On WebUI 'Administration' -> 'Settings' -> 'Clear policy caches' -> 'Clear Caches' Button